danpros · KuJoe · Mar 23, 2026
diff --git a/config/config.ini.example b/config/config.ini.example
@@ -76,6 +76,9 @@ login.protect.private = ""
 ; Multi-factor authentication
 mfa.state = "false"
 
+; Validate admin session against client IP address. Options "true" and "false"
+session.ip.validation = "true"
+
 ; Pagination, RSS, and JSON
 posts.perpage = "10"
 category.perpage = "10"

diff --git a/lang/ar_AR.ini b/lang/ar_AR.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/be_BY.ini b/lang/be_BY.ini
@@ -341,3 +341,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/cs_CZ.ini b/lang/cs_CZ.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/da_DK.ini b/lang/da_DK.ini
@@ -351,3 +351,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/de_DE.ini b/lang/de_DE.ini
@@ -340,3 +340,7 @@ subpages = "Unterseiten"
 getstarted = "Los geht's"
 onthispage = "Auf dieser Seite"
 backtotop = "Nach oben"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/de_DE_gender_doppelpunkt.ini b/lang/de_DE_gender_doppelpunkt.ini
@@ -340,3 +340,7 @@ subpages = "Unterseiten"
 getstarted = "Los geht's"
 onthispage = "Auf dieser Seite"
 backtotop = "Nach oben"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/de_DE_gender_dudenkonform.ini b/lang/de_DE_gender_dudenkonform.ini
@@ -340,3 +340,7 @@ subpages = "Unterseiten"
 getstarted = "Los geht's"
 onthispage = "Auf dieser Seite"
 backtotop = "Nach oben"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/el_GR.ini b/lang/el_GR.ini
@@ -342,3 +342,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/en_US.ini b/lang/en_US.ini
@@ -407,3 +407,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/eo_EO.ini b/lang/eo_EO.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/es_ES.ini b/lang/es_ES.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/fa_IR.ini b/lang/fa_IR.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/fr_FR.ini b/lang/fr_FR.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/gl_ES.ini b/lang/gl_ES.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/gu_GU.ini b/lang/gu_GU.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/hi_HI.ini b/lang/hi_HI.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/hr_HR.ini b/lang/hr_HR.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/hu_HU.ini b/lang/hu_HU.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/id_ID.ini b/lang/id_ID.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/it_IT.ini b/lang/it_IT.ini
@@ -407,3 +407,7 @@ backtotop = "Torna in cima"
 subpages = "Sottopagine"
 getstarted = "Per cominciare"
 onthispage = "Su questa pagina"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/ko_KO.ini b/lang/ko_KO.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/ku_KU.ini b/lang/ku_KU.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/ms_MY.ini b/lang/ms_MY.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/nl_NL.ini b/lang/nl_NL.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/pl_PL.ini b/lang/pl_PL.ini
@@ -341,3 +341,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/pt_BR.ini b/lang/pt_BR.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/ru_RU.ini b/lang/ru_RU.ini
@@ -341,3 +341,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/sv_SE.ini b/lang/sv_SE.ini
@@ -352,3 +352,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/tr_TR.ini b/lang/tr_TR.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/uk_UA.ini b/lang/uk_UA.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/zh_CN.ini b/lang/zh_CN.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/lang/zh_TW.ini b/lang/zh_TW.ini
@@ -340,3 +340,7 @@ backtotop = "Back to top"
 subpages = "Sub pages"
 getstarted = "Get started"
 onthispage = "On this page"
+keep_me_logged_in = "Keep me logged in"
+session_security = "Session security"
+ip_session_validation = "IP session validation"
+ip_session_validation_explain = "Keep this enabled for better security. Disable only for users whose IP changes frequently (for example, mobile networks)."
diff --git a/system/admin/admin.php b/system/admin/admin.php
@@ -46,7 +46,7 @@ function create_user($userName, $password, $role)
 }
 
 // Create a session
-function session($user, $pass)
+function session($user, $pass, $remember = false)
 {
     $user_file = 'config/users/' . $user . '.ini';
     if (!file_exists($user_file)) {
@@ -65,18 +65,24 @@ function session($user, $pass)
     if ($user_enc == "password_hash") {
         if (password_verify($pass, $user_pass)) {
             if (session_status() == PHP_SESSION_NONE) session_start();
+            session_regenerate_id(true);
             if (password_needs_rehash($user_pass, PASSWORD_DEFAULT)) {
                 update_user($user, $pass, $user_role, $mfa);
             }
             $_SESSION[site_url()]['user'] = $user;
+            $_SESSION[site_url()]['ip'] = current_session_ip();
+            set_session_cookie_lifetime($remember ? time() + (86400 * 30) : 0);
             header('location: admin');
         } else {
             return $str = '<div class="error-message"><ul><li class="alert alert-danger">' . i18n('Invalid_Error') . '</li></ul></div>';
         }
     } else if (old_password_verify($pass, $user_enc, $user_pass)) {
         if (session_status() == PHP_SESSION_NONE) session_start();
+        session_regenerate_id(true);
         update_user($user, $pass, $user_role, $mfa);
         $_SESSION[site_url()]['user'] = $user;
+        $_SESSION[site_url()]['ip'] = current_session_ip();
+        set_session_cookie_lifetime($remember ? time() + (86400 * 30) : 0);
         header('location: admin');
     } else {
         return $str = '<div class="error-message"><ul><li class="alert alert-danger">' . i18n('Invalid_Error') . '</li></ul></div>';

diff --git a/system/admin/views/config-security.html.php b/system/admin/views/config-security.html.php
@@ -80,6 +80,29 @@
 	  <small><em><?php echo i18n('explain_mfa');?></em></small>
     </div>
   </div>
+  <br>
+  <h4><?php echo i18n('session_security');?></h4>
+  <hr>
+  <div class="form-group row">
+    <label class="col-sm-2 col-form-label"><?php echo i18n('ip_session_validation');?></label>
+    <div class="col-sm-10">
+      <div class="col-sm-10">
+        <div class="form-check">
+          <input class="form-check-input" type="radio" name="-config-session.ip.validation" id="session.ip.validation1" value="true" <?php if (is_null(config('session.ip.validation')) || config('session.ip.validation') === 'true'):?>checked<?php endif;?>>
+          <label class="form-check-label" for="session.ip.validation1">
+            <?php echo i18n('Enable');?>
+          </label>
+        </div>
+        <div class="form-check">
+          <input class="form-check-input" type="radio" name="-config-session.ip.validation" id="session.ip.validation2" value="false" <?php if (config('session.ip.validation') === 'false'):?>checked<?php endif;?>>
+          <label class="form-check-label" for="session.ip.validation2">
+            <?php echo i18n('Disable');?>
+          </label>
+        </div>
+      </div>
+      <small><em><?php echo i18n('ip_session_validation_explain');?></em></small>
+    </div>
+  </div>
   <div class="form-group row">
     <div class="col-sm-10">
       <button type="submit" class="btn btn-primary"><?php echo i18n('Save_Config');?></button>

diff --git a/system/admin/views/login.html.php b/system/admin/views/login.html.php
@@ -20,6 +20,10 @@
             }
         } ?>" name="password" placeholder="<?php echo i18n('Password'); ?>"/>
         <br>
+        <div class="form-check" style="margin-bottom:1rem;">
+            <input type="checkbox" class="form-check-input" id="remember" name="remember" value="1" <?php if (!empty($remember)) { echo 'checked'; } ?>>
+            <label class="form-check-label" for="remember"><?php echo i18n('Keep_me_logged_in'); ?></label>
+        </div>
         <input type="hidden" name="csrf_token" value="<?php echo get_csrf() ?>">
         <?php if (config('login.protect.system') === 'google'): ?>
             <script src='https://www.google.com/recaptcha/api.js'></script>

diff --git a/system/admin/views/logout.html.php b/system/admin/views/logout.html.php
@@ -2,6 +2,10 @@
 <?php
 
 unset($_SESSION[site_url()]);
+if (session_status() === PHP_SESSION_ACTIVE) {
+	set_session_cookie_lifetime(time() - 3600);
+	session_destroy();
+}
 
 header('location: login');
 

diff --git a/system/configList.json b/system/configList.json
@@ -34,6 +34,7 @@
     "login.protect.system",
     "login.protect.public",
     "login.protect.private",
+    "session.ip.validation",
     "posts.perpage",
     "category.perpage",
     "tag.perpage",